thr3ads.net - Shorewall users - Pinging from IP aliases? [Aug 2014]

If this information is useful, please help other people find it:
Share via:

Dale Greenway

2014-Aug-04 04:44 UTC

Pinging from IP aliases?

Hello.

I'm installing Shorewall on my hosted server.

I'm doing stuff step by step so I can understand what does what.  I have
some trouble with Pings coming from private IP aliases.

The server has 2 IPs on its one interface

eth0
  X.15.9.149
  172.16.1.10

The shorewall config that matters is

  /etc/shorewall/interfaces
    net   eth0   tcpflags,nosmurfs,logmartians=1,routefilter=1,sourceroute=0

  /etc/shorewall/zones
    fw    firewall
    net   ipv4

  /etc/shorewall/rules
    ...
    Ping(ACCEPT)   $FW   net
    ...

When I do a 

ping google-public-dns-a.google.com

it works an you can see the ICMP traffic in both directions

tcpdump -i eth0 | grep google-public-dns-a.google.com
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  21:08:33.138416 IP my.fqdn.me > google-public-dns-a.google.com: ICMP echo
request, id 9539, seq 1, length 64
  21:08:33.160647 IP google-public-dns-a.google.com > my.fqdn.me: ICMP echo
reply, id 9539, seq 1, length 64


When I bind the ping to the internal IP address

ping -c1 -I 172.16.1.10 google-public-dns-a.google.com

it times out.  And you only see ICMP traffic in one direction

tcpdump -i eth0 | grep google-public-dns-a.google.com
  tcpdump: verbose output suppressed, use -v or -vv for full protocol decode
  listening on eth0, link-type EN10MB (Ethernet), capture size 65535 bytes
  21:10:41.011189 IP 172.16.1.10 > google-public-dns-a.google.com: ICMP echo
request, id 9556, seq 1, length 64

I thought since 172.16.1.10 is on the firewall this should work too.

I guess I need another rule or masq or nat, right?  I'm kindof unclear about
the right options in the interface's options too.  What do I need to change
to make the

  ping -c1 -I 172.16.1.10 google-public-dns-a.google.com

work right?

Dale Greenway

____________________________________________________________
FREE ONLINE PHOTOSHARING - Share your photos online with your friends and
family!
Visit http://www.inbox.com/photosharing to find out more!



------------------------------------------------------------------------------
Infragistics Professional
Build stunning WinForms apps today!
Reboot your WinForms applications with our WinForms controls. 
Build a bridge from your legacy apps to the future.
http://pubads.g.doubleclick.net/gampad/clk?id=153845071&iu=/4140/ostg.clktrk

Shorewall users - Aug 2014 - Pinging from IP aliases?

Pinging from IP aliases?